Data Breach Class-Action Lawsuit Sprouts in California

San Diego, CAA data breach lawsuit has sprouted up in California, alleging that a phishing scam has resulted in the hacking of wage and tax forms belonging to some 21,000 employees in 13 states.

The defendant is Sprouts Farmers Market Inc., an enterprise based in Phoenix, Arizona, with 224 stores across the country. The allegation is that W-2 Wage and Tax forms belonging to any employee having worked for Sprouts in 2015 may have been compromised.

The allegation is that the phishing scam actually resulted in Sprouts voluntarily releasing the sensitive documents into the wrong hands. With the W-2 Wage and Tax information, hackers will allegedly now have in their possession personal information including full names, addresses, and Social Security numbers, amongst other sensitive intel on the employees involved.

The lead plaintiff in the data breach lawsuit is accusing Sprouts of negligence for failing in its duty to its employees, to “maintain, protect, and safeguard their releasing private tax information to a third party who is believed to be using the data for illegal purposes.”

According to the data breach lawsuit, the payroll department responded to a request for W-2 IRS (Internal Revenue Service) information attached to all current and former employees for the 2015 taxation year, in early March of this year. The request had purportedly come from a senior executive of Sprouts. However, it was quickly determined that the executive in question had not made the request, but rather a hacker who had posed as the senior executive in the phishing scam.

It is alleged that someone in payroll fell for the ruse, and released the information as requested. The lead plaintiff in the data breach class action, Julio Hernandez, holds that Sprouts should have known that such a scam was possible, and should have had proper checks and balances in place to ensure such a request was not honored without proper vetting.

Hernandez, a resident of San Diego and a former employee of the defendant, also accuses Sprouts of doing little to remedy the situation after initially informing affected employees of the data breach. An offer of 12 months’ worth of credit monitoring and insurance by the employer does little to aid potential class members, Hernandez says, in that monitoring can only succeed to inform class members of suspicious activity, but can do nothing to prevent it.

“Going forward, Plaintiff anticipates spending considerable time in an effort to contain the impact of Defendant’s Data Breach on himself,” the data breach lawsuit states. “Plaintiff suffers from an increased risk of future identity theft as a result of Defendant’s actions.”

The Sprouts W-2 Data Breach Class-Action Lawsuit is Julio Hernandez v. Sprouts Farmers Market Inc., Case No. 16-cv-0958 in the US District Court for the Southern District of California.